A combined survey on distribution system state estimation and false data injection in cyber‐physical power distribution networks

Poornachandratejasvi L. Bhattar, Department of Electrical Engineering, Indian Institute of Technology Gandhinagar, Gandhinagar 382355, India. Email: pooranchandra.tejasi@iitgn.ac.in

Abstract

The penetration of renewable energy sources (RES) in distribution systems has entailed heavy deployment of monitoring and control infrastructure in the distribution system. This deployment of sensors and communication infrastructure has led to the emergence of a modern grid with a complex cyber-physical network. On one hand, the cyber-physical system can play a pivotal role in coordination and control of distribution systems through distribution system state estimation (DSSE). On the other hand, the risk caused by cyber-attack has emerged as a major challenge for grid operation. The modelling aspects, namely DC loads, plug-in vehicles and distributed generators (DGs) in DSSE, and the security aspects in cyber-physical distribution systems are highlighted herein. This paper is divided into different sections emphasising the problems and challenges associated with DSSE, cyber-attack (focussing primarily on the impact of false data injection (FDI) attacks) and co-simulation platforms for investigating the vulnerability of cyber-physical systems. A comparative study among various DSSE and challenges, namely pseudo-measurement, time synchronisation and communication issues, are discussed. The potential investigation of FDI and the need for a co-simulation platform in distribution systems for risk analysis are also addressed. The opportunities and future research in the field of cyber-physical distribution systems are discussed in depth.


| INTRODUCTION
The control and coordination in power systems have necessitated the development of state estimation (SE) in the transmission system. The state estimator monitors the real-time operating states in the power system for effective energy management. SE for transmission systems was well developed. However, there was less focus on the development of SE for conventional distribution systems where power flow was unidirectional. The penetration of distributed energy resources (DERs) and consumers' ability to participate in the energy market have encouraged utilities to monitor distribution systems via distribution system state estimation (DSSE). At present, the active distribution system should have self-healing and restoration capability in the presence of intermittent DERs and uncertain network events such as faults [1]. The concept of prosumers has emerged, in which consumers and producers are the same entity and power exchange is done at community level. However, with the emerging plug-in electric vehicle (PEV) technology and its bidirectional power flow, the distribution system needs to be monitored with an efficient state estimator for flexible operations [2]. State estimation in distribution systems is challenging because of the large number of nodes and insufficient real-time measurements. An estimation algorithm with branch current as the state variable, with reduced computational burden and complexity, was proposed in ref. [3]. However, it had the limitation of including current measurements and forcing the Jacobian matrix to depend on state variables. A revised algorithm was developed to obtain a constant Jacobian matrix independent of the state variables [4]. The node voltage-based state estimator and the challenges associated with observability and measurement uncertainty in DSSE were explored in ref. [5][6][7].
DSSE is the basis of the energy management system (EMS) in a distribution system, which receives the measurement input from the physical system. A distribution system operator (DSO) relies on DSSE for controlling and monitoring the system. Figure 1 shows the various layers of the cyber-physical system (CPS) in a distribution network. The physical layer (distribution system) interacts with the application and decision layer (state estimation and its functionalities, namely volt-var, fault management etc.) via the communication layer through measuring and sensing units, namely phasor measurement units (PMUs), synchro-phasors, smart meters and intelligent electronic devices (IEDs). In the application and decision layer, measurements from sensing units are processed through state estimators and the operating states are estimated. With the knowledge of these states, the operator takes the appropriate decision, namely volt-var control, transformer tap changing, battery scheduling etc. The operator performs the optimal power flow and load flow studies for the abovementioned operations with the help of the estimated states. Information and communication technology (ICT) has leveraged the process of monitoring and control. As shown in Figure 1, the possibility of tampering with and damage to sensing and measuring units in a CPS cannot be neglected, and hardware security in CPS needs to be considered. With surveillance on sensing and metering units, physical tampering in CPS is difficult, but the risk of tampering cannot be underestimated. The communication layer, consisting of LAN, Wi-Fi, WAN etc., is at higher risk and needs to be protected from cyber-attack. The application and decision layer utilises an optimization algorithm to derive the control signal to the physical system. Cyber-attacks on DSSE, namely false data injection, data spoofing and denial of service, can disrupt the distribution system operation, leading to economic loss and physical damage. Thus, such cyber-attacks need to be explored and investigated.
A common platform to understand distribution system state estimation along with false data injection (FDI) in DSSE is provided herein. It highlights the challenges in DSSE and the impact assessment of FDI attacks in cyber-physical distribution networks. The paper investigates the unexplored aspects of DSSE and provides insight into developments in DSSE algorithms with the inclusion of PMU, SCADA, smart meter etc. It also inspects the challenges of incorporating these measurements in DSSE. On the other side, owing to the cyber-physical nature of the distribution system, cyber security aspects focussing on cyber-attack by FDI are reviewed for security and vulnerability assessment of cyber-physical distribution systems. Various challenges and opportunities are discussed in the paper, which encourages researchers in this domain to take up these challenges and to provide the best and most effective solutions to address the problems.
The paper is organised as follows. Section 2 includes the mathematical formulation of DSSE. The DSSE modelling is included in Section 3. Various DSSE algorithms are discussed in Section 4. Insight into cyber-attack on SE is discussed in Section 5, followed by challenges and key areas of research and concluding remarks in Section 6.
The objective function to estimate the state is expressed as in Equation (4) and solved iteratively with Newton method. The general solution for objective function is obtained by the normal equation (NE) where the states can be estimated by Equation (5).
For the kth iteration, $x^{k+1} = x^{k} + \Delta x^{k+1}$. Where, The solution with the NE method may diverge and can cause convergence issues with a higher resistance to reactance ratio [9]. A robust SE algorithm with equality constraints and zero injections was formulated and solved more efficiently with NE [10][11][12][13]. The objective function described in Equation (4) is subject to the zero equality constraint $c(x) = 0$. The solution of the zero-constrained problem can be obtained iteratively by solving Equation (6). With λ as the Lagrange multiplier, Equation (6) is iteratively solved to obtain the estimates. Different state estimators have been formulated based on the maximum likelihood criterion. A comparative study among WLS, weighted least absolute square (WLAV) and Schweppe Huber Generalized Estimator (SHGE) was carried out in ref. [14].
As in ref. [14], the WLS-based estimator is more consistent and efficient compared to the WLAV and SHGE estimators. SE based on non-iterative methods provides better computational efficiency and an improved convergence rate [15][16][17].

| Formulation of linear state estimator
Linear state estimators are computationally efficient, and the state estimation equations are solved in decoupled form [15]. Equation (1) is linearised about the operating point for h(x), and the residual is given by Equation (7). The decoupling, that is, the separation of real and imaginary parts, is done to improve the sensitivity of the performance matrix, followed by Equation (8).
where h is the Jacobian matrix with suffixes r and i, which indicate the real and imaginary parts. The estimates $x_r$ and $x_i$ are obtained by solving Equation (8) by considering Equation (4).

| Handling of high r/x ratio
The high r/x ratio results in ill-conditioning of the H matrix. It consists of the partial derivatives of the measurement functions with respect to the state variables as in Equation (9), where P, Q, v, θ indicate the active power flow or injection, reactive power or injection, voltage magnitude and angle measurements. In the transmission system, the off-diagonal elements $\partial P/\partial v$ and $\partial Q/\partial \theta$ are neglected, that is, $\partial P/\partial v \approx \partial Q/\partial \theta \approx 0$, because of weak coupling [5]. With a high r/x ratio and strong coupling, the off-diagonal elements cannot be discarded in the distribution system. To avoid the ill-conditioning [9] of the H matrix, the $P^{abc}$ and $Q^{abc}$ measurements are handled by converting them into the equivalent current measurement $I^{abc}$ and making the H matrix independent of the state variables (Equation (10)), where abc denotes the phases. The equivalent current measurement can be expressed with a voltage or a current variable [3,18] for every iteration k.
The structure of H with the voltage variable for power injection measurements in rectangular form is expressed as in Equation (11), where the admittance matrix is $[Y^{abc}]_{3\times 3} = [G_{km} + jB_{km}]_{3\times 3}$. With branch current as the state variable, it consists of −1 for power injection and +1 in the case of power flow measurements. It depends upon the state variables and needs to be updated at every iteration with the inclusion of voltage measurements; its formulation with current, voltage and PMU measurements is provided in ref. [5,18,19].

| DSSE MODELLING
The DSSE algorithm requires the network information and a mathematical model to represent the distribution system topology. A suitable three-phase model should be incorporated for real-time monitoring of the distribution system and to solve the SE problem. The mathematical models for distribution system elements, namely feeder, underground cable, transformer etc., are briefly discussed in the following section.

| Line and transformer model
The feeder model for a distribution system that is three phase, four wire can be represented as a 4 × 4 impedance matrix Z with the modified Carson method. To reduce the computational burden, Kron's reduction is used to reduce the Z matrix to 3 × 3 [20]. The three-phase model of a line segment takes mutual impedances into consideration as in Equation (12).
where a, b and c represent the phases; the diagonal elements of Z, namely $Z_{aa}$, $Z_{bb}$ and $Z_{cc}$, represent the self-impedance while the off-diagonal elements represent mutual impedances between the phases. The underground cable is modelled similarly to the overhead line using the modified Carson equation, with a primitive matrix that is 6 × 6 and simplified to 3 × 3 [20]. Modelling of the distribution transformer plays a vital role in state estimation, short circuit and load flow studies. The transformer is represented by the nodal admittance matrix $Y_T$ (6 × 6) with the current and voltage relation as in Equation (13) [21,22], where $I_p$, $I_s$ = primary and secondary phase current of the transformer; $V_p$, $V_s$ = primary and secondary phase voltage; $Y_T$ consists of submatrices $Y_{pp}$, $Y_{ps}$, $Y_{sp}$ and $Y_{ss}$ of matrix size 3 × 3.

| Load model
The distribution system includes single and three phase loads with delta and star connected configuration. Loads can be further modelled as constant impedance (Z), constant current (I) and constant power (P) that is ZIP model [23]. The spot and distributed loads were represented by current injection model described in ref. [24].

| Plug-in-electric vehicle
Environmental impact and energy policies have encouraged plug-in electric vehicles (PEV) in the distribution system. The increase in PEVs is reshaping the load demand and burdening the distribution transformer. Hence, it is mandatory to understand the PEV load characteristic and its impact on the distribution system with appropriate modelling in SE. The PEV is modelled with constant load current to assess grid stability [25], and as constant power for wide area monitoring applications [26]. The power and voltage dependent model with a negative exponent (α = −2) as in Equation (14) is considered for stability analysis for PEV [27,28], where $P_0$ is the nominal power at the nominal voltage $V_0$ and α is the exponent.
The exponent gives constant impedance (α = 2), constant current (α = 1) and constant power (α = 0); a negative α draws the system towards instability. The composite load model, that is, constant impedance Z, constant current I and constant power P, was considered with the charging and discharging behaviour of the PEV. It is modelled with a voltage dependent profile, that is, $V_i$ measured at the ith range of state of charge is given by Equations (15) and (16), where the $Z_p$, $I_p$ and $P_p$ coefficients are calculated to fit the model with constraints (Equation 17) [29].

| DC load building
The low voltage (LV) modelling for DSSE is based on the user activity and provides the information of energy demand. The residential load is modelled as an aggregated load in the LV system. The LV loads include power electronics loads, namely uninterruptible power supplies, HVAC, resistive and heating loads, and water pumps. These loads are modelled as an aggregated load for N household appliances, with n the index of household appliances; the real and reactive components of the aggregate household ZIP model as in Equations (18) and (19) are $Z_{pA}$, $I_{pA}$, $P_{pA}$, $Z_{qA}$, $I_{qA}$ and $P_{qA}$. $P_n$ denotes the power demand of an appliance. P denotes the total power demand of the household. The real and reactive power components of the ZIP model of appliance n are $Z_{pn}$, $I_{pn}$, $P_{pn}$, $Z_{qn}$, $I_{qn}$ and $P_{qn}$. $pf_{1n}$ is the displacement power factor of appliance n [30,31].

| Measurements
The limited metering and sensing infrastructure forces the system operator to rely on pseudo-measurements for state estimation. For state estimation, the input measurements are categorised as real-time measurements (obtained at the RTU), virtual measurements (VM) [32] and pseudo-measurements [33]. VM are considered error free and are measured at substations where loads are not connected. These measurements enhance the performance of SE. Pseudo-measurements improve the network observability and are obtained from the consumer load curve and demand curve [33]. Another way to obtain pseudo-measurements is to use the load flow results and add error to mimic real-time measurements. High penetration of DER and the lack of monitoring units force the state estimators to depend upon forecasted measurements, making them less accurate because of uncertainty in the measurement data. The inclusion of voltage phasor measurements obtained by PMU has elevated the performance of the state estimator [34].

| DG in DSSE
Precise monitoring of DG in a distribution system needs a suitable mathematical model. The wind and photovoltaic generators are modelled as (1) direct connected, that is, with no power electronic converter interfacing. The wind generators, which are synchronous machines or induction machines, are modelled with the R-X model. Owing to the stochastic nature of wind, the wind generator cannot be modelled as a constant power model. (2) Indirect connected, that is, with a power electronic converter interface to the distribution system [35]. The photovoltaic generator is modelled as a constant power model with a converter interface [36,37]. The indirect connected DGs have internal controllable states and actual states that need to be monitored [38]. Precise modelling of DG is required as these states provide the information of the asymmetric characteristic in the voltage output of the DG because of unbalanced load.

• Modelling aspects of DER: The wind turbines, gas turbines, micro-turbines and internal combustion engines are directly connected to the grid via a synchronous generator or induction generator, and indirectly to the grid through a power electronics converter. The induction and synchronous generators are modelled as constant power PQ [38][39][40].
• Induction generator: The active power and reactive power for an induction generator are described as $P = f(V, s)$ and $Q = f(V, s)$, where s is the slip.
• Synchronous generator: The synchronous generator is modelled as a voltage controlled node, that is, PV, when the terminal excitation voltage is kept constant, while it is modelled as PQ when the excitation voltage is varied. For the rotor wound synchronous machine, the active and reactive power are expressed as Equations (20) and (21). E is the no-load voltage and δ the power angle. E and δ are called internal states. P and Q are the active and reactive power of the DG.
• Sequence modelling of unbalanced distribution system: In unbalanced conditions, DGs are modelled as sequence impedances. The Norton equivalent of the DG is represented in Figure 2. The zero sequence, positive sequence and negative sequence admittances are represented as $y_0$, $y_1$ and $y_2$.
The admittance $Y^{abc}$ is expressed as in Equation (22) with transformation matrix $T_s$ [41]. The apparent power in compact form is expressed as $S^{abc}_g = [V^{abc}_g][I^{abc}_g]^{*T}$, where T represents the transpose and the phase voltages and current are expressed as $V^{abc}$ and The phase current in terms of the sequence component is expressed as $I^{abc}_p$ )$[1 \;\; a^{2} \;\; a]^{T} I_1$. The grid current $I^{abc}_g$ is given in Equation (23).
• Power electronic-coupled DER: The power electronic converters coupled with DER are modelled as three wire and four wire in the distribution system. In balanced conditions, the DG control circuit supplies the positive sequence components, while in unbalanced conditions it supplies the negative and zero sequence components with appropriate control. However, the DG is modelled as a PV node when active power exchange is made and as PQ when both active and reactive power are exchanged [42].
• Sequence modelling of transformer: The admittance matrix $Y^{abc}$ of the transformer can be transformed to sequence components as in Equation (24) with transformation matrix T [43].
• Sequence model of line impedance: The line impedance after Kron's reduction is transformed to the sequence model as in Equation (25), where the off-diagonal elements give the sequence components of mutual coupling and the diagonal elements give the sequence components of phase impedance [43].

$$\begin{bmatrix} y_{00} & y_{01} & y_{02} \\ y_{10} & y_{11} & y_{12} \\ y_{20} & y_{21} & y_{22} \end{bmatrix}$$

• Sequence modelling of load: The unbalanced load can be represented in positive, negative and zero sequence [43].
• Technical challenges with DG: The asymmetric phase output gives rise to the problems of overvoltage and reverse power flow in unmonitored DG units. Monitoring the actual state becomes mandatory with DG connection. However, the distribution system largely depends on pseudo-measurements because of the small number of measuring devices at DGs. The accuracy of pseudo-measurements poses a challenge for error-free estimation. Forecasting-based models, namely machine learning-based algorithms with evolutionary algorithms and forecasting models, are adopted for unmonitored DGs [44]. The stochastic variation of load demand, the uncertainty in power generation and the presence of various noise levels in telemetered data in DG necessitate the development of an appropriate forecasting model for DSSE [45].

| CLASSIFICATION OF DSSE
DSSE algorithms are an extension of transmission system state estimation algorithms. Owing to the complexities in distribution systems, namely unbalanced network conditions, higher r/x ratio and insufficient measurements, DSSE algorithms need to be explored. However, statistical state estimators are popular because of their consistency and accuracy in estimating the states. With the penetration of DERs, data-driven and dynamic state estimation were introduced recently in the literature and are discussed in Sections 4.3 and 4.6. In the following section, DSSE algorithms, namely voltage- and current-based state estimators, forecast-aided, multi-area and data-driven, are summarised.

| Voltage-based and branch current-based state estimator
Over time, different state estimators were developed, and measurement data were processed to determine the operating state through WLS-based optimization techniques. Based on the selection of the state variable as either voltage or branch current, the voltage-based state estimator (VBSE) [5,18] and the branch current-based state estimator (BCBSE) [3] were developed. The BCBSE was found to be computationally efficient because of a constant Jacobian matrix. The authors in ref. [46] suggest that BCBSE has better performance and accuracy and is easier to implement in real-time operation compared to VBSE. They showed similar performance under the same error propagation in measurement data. However, gross error in the measurement data deteriorated the performance of VBSE and BCBSE. With the increased number of smart meters, the nodal power injection measurements are significant for state estimation observability. These measurements are modelled as injection power measurements and handled by converting them to equivalent current injections in BCBSE and with sequence component transformation in VBSE.

| Robust state estimator
Conventional estimators are well developed for over-determined systems (the number of equations is more than the number of unknowns). In the case of under-determined systems (fewer equations than the number of unknowns), solving the estimation problem is challenging and the obtained results might diverge from the true estimate. Robust estimators are capable of producing results in the presence of measurement data error for under-determined systems. The framework for robust state estimation was provided in ref. [47] by using the closed loop information flow, a machine learning algorithm for load estimation and a robust algorithm for pseudo-measurement generation. An adaptive nonlinear auto-regressive model was developed for SE and load estimation [48]. Machine learning techniques were used for load estimation and to generate the pseudo-measurements to make the SE functionally more robust by handling bad data detection [49][50][51]. SE formulated as a mixed integer optimization problem has improved accuracy and was capable of handling bad data [47]. The robust estimators discussed in ref. [51,52], namely quadratic constant estimator, M-estimator, maximum exponential absolute value (MLAV), Schweppe Huber Generalized (SHG) etc., perform better in the presence of noisy measurements other than Gaussian noise. In overview, this class of estimators is capable of dealing with under-determined systems and coping with different noise levels in measurements obtained from SCADA and PMU.

| Forecast aided state estimator
The distribution system with considerable level of uncertainty in load demand, intermittent nature of DERs and availability of large data in distribution system have encouraged the forecast aided state estimators (FASE) to deal with uncertainties [53][54][55]. In FASE, Kalman-based filtering is adopted to capture the distribution system dynamics. The pseudo-measurements are forecasted using the consumer load profile. The method proposed in ref. [56] utilises the load flow and unscented Kalman filtering approach (UKF). The point-based Gaussian filter was developed for state estimation and results were found to be better than the conventional UKF [57]. Multi-layered hierarchical SE using FASE with non-iterative method using augmented Kalman filtering with complex variables have been proposed [55]. The past aware state estimator (PASE) utilising the historical database is discussed in ref. [58].

| Multi-area state estimator
Owing to the large distribution network and control centres located at different geographical locations, a single SE was insufficient to monitor the real-time operation. The monitoring area was divided into different zones acquainted with an individual estimator. The complete monitoring was obtained by unifying the individual estimators [63]. For DSSE with multi-area and overlapping areas, the individual estimation of a zone is sufficiently observable to carry out the SE. The SE with measurement correlation and reduced communication units is discussed in ref. [64]. In ref. [65], the framework for the MASE with a self-weight updating method is discussed. The MASE may utilise one or a combination of the mentioned state estimators: statistical state estimator, robust state estimator and forecast-aided state estimation. The choice for multi-area state estimation can be made on computational speed and convergence ratio. The various types of DSSE and their pros and cons are summarised in Table 1.

| Data-driven state estimator
Data-driven approaches are becoming popular to address the large data from smart meters and fewer real-time measurements. A hybrid state estimator combining data-driven and statistical estimation was proposed with the inclusion of smart meter data [70]. The large data coming from the network, which includes customer information and metered data, needs to be handled in a systematic manner [60]. Handling a large volume of data poses a challenge for the data-driven estimator.
To address this issue, the neural network-based NARX model was developed for state estimation and monitoring [48]. An ANN-based scalable state estimator incorporating local state estimation was developed [71]. Data based on forecasting of load and generation was utilised to train a neural network with supervised learning to handle uncertainties [72]. A deep neural network-based DSSE utilising the historical and load data for generation of measurements along with SCADA and AMI was proposed [73]. Based on data correlation and redundancy, input variable selection is proposed in ref. [74] to reduce the computational burden. The relevance vector machine (RVM) was used to generate the pseudo-measurements by considering the weather conditions [68,75]. The data-driven estimator can play a vital role in LV/MV monitoring with the large data available from smart devices.

| CHALLENGES AND FUTURE RESEARCH IN DSSE
In the previous section, different classes of DSSE are elaborated. The following section is dedicated to highlighting the challenges and future work in state estimation. In overview, the section includes the issues associated with PMU, SCADA and smart meters. With the emergence of the cyber layer, the issues associated with cyber security in distribution systems, namely the FDI attack model and detection method, and the co-simulation platform are discussed.

| PMU/SCADA/smart meters
The distribution system relies on SCADA to capture the dynamic scenarios and to monitor the status of the distribution system accurately. A large number of PMUs need to be deployed to monitor the voltage phasors and current phasors on the incident bus with synchronised GPS [81]. The existing challenge in SE is to synchronise the measurement information obtained on different time scales, as PMUs provide measurements within a millisecond whereas SCADA measurements are obtained within an interval of 2 to 10 s. The incoming information of PMU and SCADA needs to be processed to avoid information loss, that is, packet loss [19]. The measurement data obtained from SCADA and PMU are processed independently with multistage SE, leading to computational burden [82]. However, these measurements are contaminated with noise other than Gaussian error, which needs to be explored [52]. The large number of nodes in the distribution network makes it economically infeasible to implement PMUs; the criteria for choosing the minimum number of PMUs need to be well established for DSSE, along with the development of low cost PMUs. The selection of the optimal number and optimal location of PMUs poses a challenge for DSSE in distribution systems [83]. The DSSE is leveraged with the inclusion of PMUs, SCADA and smart meters. Inclusion of smart meters with PMUs and SCADA leads to the problem of non-synchronisation when measurements are fetched at different time horizons [84,85]. The absence of metering in the medium voltage (MV) distribution system makes the utility depend on pseudo-measurements. However, with the installation of smart meters, low voltage (LV) and MV estimation have become possible [66]. The DSO relies on the aggregated load data from smart meters, and incorrect aggregated load data severely impacts the voltage and angle estimation in DSSE. An insecure smart meter raises challenges associated with the privacy and security of the consumer. Utility companies enforce revised policies and regulations, working collaboratively with government, to preserve consumer privacy.

| Miscellaneous challenges in algorithms
Following the discussion of various DSSE methods in Section 4, this section emphasises the miscellaneous challenges in DSSE discussed in selected papers. Real-time monitoring in distribution systems is complicated because of the network type, namely radial, meshed and weakly meshed systems with varieties of phasing, and balanced and unbalanced systems. The research is focussed on utilising the data, namely load data (historical or forecasted), and on dealing with uncertainty in measurement to obtain the correct estimation in DSSE. Table 3 includes a miscellaneous collection of papers addressing the problems and research gaps in DSSE algorithms.

| Microgrid state estimation
In the previous section, the literature on DSSE algorithms was briefly discussed. The application of static and dynamic state estimators to microgrid state estimation is challenging. DSSE in microgrids needs to be explored to capture real-time events like fault identification, detection and the status of circuit breakers [89]. DSSE algorithms are sensitive to measurement data. A microgrid with communication suffers 'packet data loss', leading to information loss. To address this issue, filtering techniques, namely Kalman filtering, unscented Kalman filtering and fading channel, were proposed in ref. [90,91]. The challenges associated with reconfiguration of the topological structure in DSSE need to be addressed. The centralised estimator is popular for estimating the observable and controllable states in a microgrid. However, corrupt information in centralised state estimation abruptly produces an incorrect estimate. Distributed dynamic DSSE can overcome the central information processing. However, it requires a large number of communication channels and parallel processors. DSSE provides the steady state estimation, while the handling of electrical transients is less investigated. Capturing the transient data is challenging, as data has to be sampled at a higher rate to provide input to the state estimators. The communication challenges like bandwidth, resolution and packet data loss need to be addressed in microgrids for DSSE algorithms. With the proliferation of IoT, handling and processing of large data is complex and challenging, and needs to be investigated thoroughly [92].

| Harmonic estimation with DSSE
Power electronic converters interfaced with DGs for efficient power flow control contribute to harmonics, along with other nonlinear loads, affecting the power quality. Harmonic estimation and harmonic source estimation play a vital role in DSSE for control decisions to incorporate appropriate harmonic compensators for power quality improvement. In DSSE, the states are calculated at the fundamental frequency, while the harmonic states are estimated at integral multiples of the fundamental frequency. The DSSE is severely affected by the impact of harmonics on the CT and PT which are used as measuring equipment [93]. The Bayesian approach-based harmonic source estimation with uncertainties is modelled with Gaussian noise in ref. [94]. Owing to the nature of the distribution system, obtaining the analytic solution for harmonic estimation is challenging, and numerical solvers need to be explored without compromising the accuracy. Identification of harmonic sources and their modelling, namely current source and voltage source harmonics, need to be investigated [95]. Dynamic filtering algorithms are capable of estimating the harmonics and their sources. However, the inter-harmonics problem needs to be addressed [96]. Estimation of harmonic sources is complex in the absence of measuring devices. Inclusion of PMUs at the harmonic sources can solve the problem. The solution of harmonic estimation in an unobservable system is challenging [97]. Harmonic estimation with an optimization technique using the daily load profile is investigated in ref. [98]. However, estimation algorithms depending on load curves are time consuming for estimating each harmonic component and the harmonic sources. Techniques like singular value decomposition and Fast Fourier Transform are applied for harmonic state estimation. However, these conventional techniques pose a computational burden and the picket fence problem in FFT [99].

| Interaction between TSO and DSO
DSSE plays a key role in energy management of the active distribution system. Integration of DERs with the transmission system has encouraged ancillary services. A similar idea of ancillary service support needs to be extended to the active distribution system. The interaction between the transmission system operator (TSO) and the DSO is important for energy trading and flexible grid operation. The DSO can support the TSO with active power support in case of congestion. The interaction between TSO and DSO needs to be encouraged with ancillary services and energy transaction policies. Hence, it is necessary to develop effective co-ordination and control tools to monitor the transmission and distribution systems. However, combined state estimation between the transmission and distribution systems needs to be established for effective monitoring. Issues and challenges in TSO and DSO interaction are addressed in Ref. [100][101][102][103].

| CYBERSECURITY ASPECTS IN DSSE
In a CPS, the application and decision layer receives telemetered data from the measuring and sensing units via the communication layer, as shown in Figure 1. To understand DSSE in a CPS, consider Figure 7, where the control centre receives data from RTUs via the ICT network and estimates the state of the distribution system with DSSE on the EMS platform. Figure 7 illustrates the interaction among the physical system with the help of a bidirectional communication network. These communication networks, namely the wide area network (WAN), neighbourhood area network (NAN) and home area network (HAN), along with the information network, play a crucial role in system operation [104,105]. However, they are also vulnerable to cyber-attacks, as shown with red dots in Figure 7, and provide an opportunity to compromise the system. A cyber-attack can take the form of denial of service (DoS), data spoofing or FDI [106]. As the focus of this review paper is on FDI, the following section investigates only the FDI attack on DSSE in the distribution system. To understand the impact of an FDI attack (in the cyber layer) on a physical system, consider a targeted and random FDI attack at an RTU to manipulate the measurement data. This manipulated data, processed with DSSE in the control centre, generates an inappropriate reference and actuating signal that misleads the operator into undesired system operation, further disrupting the physical infrastructure.
This can be understood in detail from Figure 8, where an FDI attack at the RTU affects state estimation in the EMS. The deceptive FDI bypasses the bad data detection (BDD), misleading the DSO into incorrect decisions in distribution system functionalities, namely forced volt-var operation, affecting the physical infrastructure. However, early detection of an FDI attack aids the DSO in implementing corrective actions. It is noted that cyber-attacks on state estimation are financially motivated to cause economic and physical loss [107][108][109]. FDI attacks in transmission systems are well known, while such attacks in distribution systems are least explored. Table 4 provides the summary of FDI attacks and their impact. In order to protect the distribution system from cyber threats, it is mandatory to understand the attack strategy. This section highlights the construction of the attack vector, detection methods and the impact of FDI attacks on the system.

| FDI attack on power system communication
With the IoT, devices communicate with each other through the exchange of packet data. The intentional and careful injection of these packet data modifies the packets, causing false information. The FDI attack on PMU data includes the replay type attack, where the data are repeated after a time interval, and GPS spoofing [136]. However, these FDI attack challenges are a growing concern for power grid operators, where the IoT devices operate on the interoperability principle and the information of operating devices becomes easily available to third parties [137].

TABLE 3 Summary of algorithms, problem addressed and scope

| Type of DSSE | Optimization | Unexplored Bits |
|---|---|---|
| Iterative method [80] | Least square | Problem addressed: Phasor identification, data aggregation and uncertainty evaluation. Processing the accuracy for data aggregation |

| Mathematical model of FDI
The DSSE determines the operating states namely, voltage magnitude and angle, status of circuit breakers (CB), status of capacitor bank and taps of transformer. The intentional manipulated measurements bypass the BDD in DSSE and mislead the operator to take unintentional action namely, opening of CB, load shedding etc. The FDI attack model in distribution system is derived from the concept of FDI attack on dc power flow model. The linearised measurement model is $z = Hx + e$, the attack vector is constructed such that The attack vector $a$ is expressed as the linear combination of error vector $c$ as $a = Hc$ [107]. In the case of AC power flow-based DSSE, for the measurement function (Equation 1) the attack vector is derived as Equation (29) [107]. Where $a = h(x_a) - h(x)$, the attack vector $a$ has to be designed such that $z - h(x) \le \tau$ where $\tau$ is the threshold.
In three phase distribution system, the power flow equation is expressed as Equations (30) and (31) [139]. $P$ and $Q$ are power injection; $i$ and $j$ are the node; $N$ is the total number of nodes; $\alpha$ and $\beta$ are the phase; $\alpha, \beta \in \{a, b, c\}$. For the distribution system, the increment or decrement in power equation needs to be computed to bring the estimated change in state variable.

FIGURE 7 Detailed interaction of CPS

FIGURE 8 FDI attack on state estimation

As discussed in ref. [119], the condition like energy balance, KCL and KVL need to be satisfied for successful attack. The FDI attack on optimal power in distribution system is investigated in ref. [141] to maximise the generation cost $C_i$ for generation of complex power $s_i$ with decision variable $s$ and voltage $V$ as in Equation (32).
Subject to: a. Ohm's law:

Impact on economic dispatch and market

| Impact/analysis | Method | Scope |
|---|---|---|
| FDI on contingency analysis to change the locational marginal price with security constrained economic dispatch by using DC state estimation [110,111] | Estimation attack using MILP. Mislead the operator by manipulating contingency | No defence mechanism is provided along. AC state estimation need to be investigated along with FDI impact on dynamic contingency analysis |

The false data injection attacks are much popular as they impact the economy with malicious intention to gain the profit or make loss of rival. Some attacks like ramp-based attack on multi-settlement market with false virtual bid may sabotage the market operation [112][113][114][115][116][117][118][119][120][121].

Risk assessment by FDI construction

| Impact/analysis | Method | Scope |
|---|---|---|
| Minimum number measurement and budget for FDI was investigated [116] | FDI construction using the linear property | Assumption: Attacker have network information |
| The blind attack with no network information was investigated [117] | Construction by the principal component analysis | Assumption: Attacker has no network information (blind attack). |
| Topology attack [118] | FDI by heuristic algorithm | The scope of topology attack can be extended to study cyber vulnerability in physical system |

Risk and vulnerability assessment are the prime concern for FDI, the scope should be extended to develop of co-simulation platform for assessing the FDI attacks. However, understanding cyber-physical infrastructure plays the vital role for vulnerability assessment [69,[119][120][121][122].

FDI detection

| Impact/analysis | Method | Scope |
|---|---|---|
| Short term forecasting temporal correlation [123] | Infinite and L2 norm | Topology attack and load distribution attack |
| Investigated the false positive and false negative rate and effect on economic dispatch was studied to compare the predicted state and to compute the threshold [124] | Online anomaly detection | Attack vector is constructed according linear combination to pass the bad data detection as guidance provided in ref. [125] |
| Real time detection of FDI [126] | Based on Bayesian properties and user defined rules. Adaptive CUSUM method. | Performance analysis. Markov chain based to perform analytical model. Load/generation disruption and joint consideration with PMU |

Detection of FDI is the challenging, where it requires to understand the attacker's/adversary's policies. Further, literature on real time detection based on statistics and expert system can be found in Ref. [123,124,[125][126][127][128].

| Impact/analysis | Method | Scope |
|---|---|---|
| Denial of service (DoS) [129,130] | Kalman filter with disturbance observer emulates the sensor. | |

The FDI attacks are initiated to minimise the social welfare [141], with the objective function expressed as Equation (33), where $|Bid_N|$ is the bid price for node $N$ with change in power $\Delta s_N$, with constraints as (a)-(e).
$$\text{Minimize} \; \sum_{n=1}^{N} -|Bid_n| \, \Delta s_n \qquad (33)$$

In distribution system control, SCADA carries the vital information exchange from substation equipment to the DSO through communication protocols, namely DNP3, Modbus etc. The FDI attack at a substation on the load tap changer (LTC) transformer was investigated [142], with the objective of decreasing the efficiency and increasing the operating cost of the transformer. The attack model is described in Equation (34).
where $V_{FDI}$ is the voltage reference with additional tap $\Delta k$ and $\Delta V$ the tap change voltage. The $\Delta k$ is manipulated so that the limit is not violated and the attack remains deceptive (Equation 35).
The game theoretic approach plays a significant role in building the attacker's model. Based on this approach, the volt-var control was misguided to increase the cost of operation. The objective function, defined with operating constraints, is to maximise $f(x, c)$, where $f$ is the cost function, $x$ is the operating constraints and $c$ denotes the capacitor bank [143].

| FDI in distribution system
FDI attacks in distribution systems are crucial and less investigated owing to the absence of large monitoring systems. At present, the increased number of ICT components in distribution systems, with the inclusion of PMU, SCADA and AMI, has increased the risk of cyber-attacks, namely FDI on DSSE. An undetected FDI attack impacts distribution system operation, namely volt-var, voltage level etc. [144]. The attack vectors were constructed to modify the power flow and injection measurements under a strong relaxation, namely that the neighbouring states at the attack points are known [144]. Due to the high r/x ratio, FDI constructed with the ac model has a lower probability of being detected than an attack vector constructed with the dc model [144]. Very little literature is available on FDI attacks for unbalanced distribution systems [145,146]. The attacker needs information on the system topology and access to measurements to compromise a large number of state variables in an unbalanced and multi-phase system for a successful attack. With the available information, the attacker develops a linear state estimator for attack construction [146]. A large amount of data is fetched through smart meters and synchro-phasors. Any intentional corruption of these data affects the reference generated by the state estimator. For example, the feeder voltage profile is controlled by volt-var optimization utilising data from smart meters. Data that are utilised to derive a control signal in the distribution system need to be secured. In ref. [147], the attack vector was constructed with mixed integer linear programming to mislead the DSO. The cyber risks associated with distribution system automation were discussed and security protocols were proposed [148,149].

| FDI attack in microgrid
The community-based microgrid serves as a backbone to satisfy the peak energy demand and is monitored with a state estimator. Recently, the vulnerabilities of microgrids to FDI and DoS attacks have been studied. Cyber-attacks can impact functionalities such as voltage regulation, load curtailment, load sharing and battery dispatch. The power electronic converters interfaced with renewable energy sources are operated with centralised or decentralised controllers with communication, and the control variables are estimated with a distributed state observer. In an FDI attack, the attacker may gain access to a few control variables, limiting the attack zone; the other possibility is that the attacker can access all control variables to have the maximum impact of damage. Hence, it becomes necessary for the system operator to protect the set of measurements optimally so as to avoid the FDI attack. The attack vectors in a microgrid are constructed without violating the energy balance [150]. FDI attacks in microgrid operation were investigated with connected graph constrained Knapsack (CGKP) and a security matrix was proposed [151]. Agent-based control in microgrids for central energy has been implemented in the literature [151]. The attacker formulated a unit commitment problem to construct FDI successfully for load curtailment [152]. In community-based microgrids, optimal attack vectors are constructed to make a profit by intervening in market operation [153]. In multi-agent systems, the agents are assumed to be communicating with a synchronous time step, whereas synchronous update makes it difficult to identify the corrupt agent. Secure DSSE with a diffusion algorithm to identify the corrupt agent was proposed [153]. However, the challenges in smart communication have been discussed in the literature [154]. Temporal logic-based detection techniques have been proposed for dc microgrids [155]. FDI attack detection under a deceptive attack strategy is challenging. Hence, a framework for attack detection and mitigation should be addressed.

| FDI attack detection
Securing the power system is a challenge for the system operator because of stealthy and deceptive attacks. The FDI attack detection techniques developed for transmission systems are applicable to distribution systems. The detection techniques are categorised as follows:

• Traditional detection method (TDM) [7,156]: The normalised residual method and the chi-square based method are used to detect false data; these methods fail to detect the stealth attack.
• Tempo-spatial detection (TSD) [157,158]: A spatial correlation region for the estimates is defined, and the sets belonging to the region are considered to be consistent. The sets $s_{i,t}$ and $s_{j,t}$ are the correlation estimates for time $t$ and smart components $i$ and $j$, respectively. For consistency, the datasets are processed through principal component analysis (PCA). Figure 9 depicts the consistency region. The other method is trust-based voting, where $G$ is the correlation space. Let $N_i$ be the set of all estimations and $N_i^c$ denote the consistent estimations, with $N_i$ and $N_i^c \in G$. The estimation sets are reliable when $\frac{|N_i^c|}{|N_i|} \ge 50\%$; the rest are classified as anomalies.
• Data science-based method: The binary classification problem for detection of FDI is given as Equation (36) [159]. The FDI detectors based on the support vector machine (SVM), K-nearest neighbour (KNN) and extended nearest neighbour (ENN) were comparatively studied with detection accuracy (37) as the performance metric [159]. Let $tp$, $tn$, $fp$ and $fn$ be true positive, true negative, false positive and false negative. $P$ denotes the fraction of measurements compromised, where $P = k/m$, with $m$ the total number of measurements and $k$ the number of measurements compromised. $A$ denotes the variance. The detection accuracy (acc.) is given in Equation (37). With $0.5 \le P \le 0.8$ and $0.1 \le A \le 0.2$, the detection accuracy is 90%-95% for SVM and 80%-85% for KNN and ENN, as shown in Figure 10.
• Miscellaneous detection: Attack detection methods, namely binary-based, singular value decomposition and Kalman filtering, are explored briefly with centralised and distributed controllers [160,161].
• Issues with detection: The window selection in tempo-spatial detection plays a critical role in the identification of bad data. False positives in tempo-spatial detection can be overcome by machine learning algorithms. Real-time FDI detection needs to be robust and to address missing data in the detection method [157,158,161]. Practical detection method performance varies with the type of attack, and the attack may pass undetected. The detection method should be robust and updated over time. Much of the control strategy is focussed on centralised state estimation. However, with the emergence of distributed state estimation, the local states and physical system are known and easy access to local variables is possible. This opens a challenge for attack detection in distributed state estimation.
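The limit of residual-based detection noted for the traditional detection method, together with the $a = Hc$ construction from the mathematical model of FDI, can be checked numerically. The following is an added example, not code from this survey or the cited works: the 6x3 matrix H, the meter standard deviation, the noise values, the injected vectors and the choice of protected meters are constructed assumptions, and a chi-square test on the weighted residual stands in for the BDD.

```python
# Added illustration: linear WLS state estimation with a chi-square
# bad data detector (BDD). All numbers below are constructed sample values.

H = [[1, 0, 0], [0, 1, 0], [0, 0, 1],      # direct state measurements
     [1, -1, 0], [0, 1, -1], [1, 0, -1]]   # difference (flow-like) measurements
SIGMA = 0.01   # assumed meter standard deviation
TAU = 7.815    # chi-square 95% quantile for m - n = 6 - 3 = 3 degrees of freedom


def matvec(A, v):
    return [sum(a * b for a, b in zip(row, v)) for row in A]


def add(u, v):
    return [a + b for a, b in zip(u, v)]


def solve(A, b):
    """Gaussian elimination with partial pivoting for a small dense system."""
    n = len(b)
    M = [list(map(float, A[i])) + [float(b[i])] for i in range(n)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        M[col], M[piv] = M[piv], M[col]
        for r in range(col + 1, n):
            f = M[r][col] / M[col][col]
            for k in range(col, n + 1):
                M[r][k] -= f * M[col][k]
    x = [0.0] * n
    for i in reversed(range(n)):
        x[i] = (M[i][n] - sum(M[i][k] * x[k] for k in range(i + 1, n))) / M[i][i]
    return x


def estimate(z):
    """Equal-weight WLS estimate and weighted residual J = sum(r_i^2) / sigma^2."""
    Ht = list(zip(*H))
    gain = [[sum(a * b for a, b in zip(ci, cj)) for cj in Ht] for ci in Ht]  # H^T H
    x_hat = solve(gain, matvec(Ht, z))
    r = [zi - hi for zi, hi in zip(z, matvec(H, x_hat))]
    return x_hat, sum(ri * ri for ri in r) / SIGMA ** 2


def bdd_alarm(z):
    """True when the weighted residual exceeds the detection threshold."""
    return estimate(z)[1] > TAU


x_true = [0.10, 0.05, -0.02]
noise = [0.004, -0.006, 0.003, -0.005, 0.007, -0.002]   # constructed sample noise
z_clean = add(matvec(H, x_true), noise)

c = [0.1, 0.0, 0.0]                 # error the injection places on the estimate
a_gross = [0, 0, 0, 0.1, 0, 0]      # uncoordinated change to a single meter
a_consistent = matvec(H, c)         # a = Hc lies in the column space of H
# Assumption: meters 0-2 are protected, so their entries of a are forced to zero.
PROTECTED = {0, 1, 2}
a_blocked = [0.0 if i in PROTECTED else ai for i, ai in enumerate(a_consistent)]

if __name__ == "__main__":
    cases = [("clean", [0] * 6), ("gross error", a_gross),
             ("a = Hc", a_consistent), ("a = Hc, meters 0-2 protected", a_blocked)]
    for name, a in cases:
        x_hat, J = estimate(add(z_clean, a))
        print(f"{name:30s} J={J:8.3f} alarm={J > TAU} "
              f"x_hat={[round(v, 3) for v in x_hat]}")
```

The residual for the $a = Hc$ case equals the clean residual while the estimate moves by $c$, which is why a residual test alone cannot be the only control; once the three protected meters keep their true readings, the same injection no longer fits the measurement model and the alarm fires.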

| Vulnerability of DSSE algorithm to FDI attack
As discussed briefly in Section 4, the performance and estimation capability of a DSSE algorithm depend on factors such as the measurement model and the measurement type, namely metered and pseudo-measurements. There exists a strong correlation between system measurements and state variables in DSSE, and a cyber-attacker can exploit the measurement variance to construct the FDI attack vectors. The methods of FDI attack vector construction discussed in Ref. [139][140][141][142][143][144][145][146][147][148][149][150][151][152][153][154][155,163] are based on the assumption of prior knowledge of network information, state variables and the state estimator. A comparative study of FDI attacks on different DSSE algorithms is not available in the literature, and it would be interesting to understand the impact of FDI attacks on different DSSE algorithms in terms of the estimation result. The authors are currently working on it and believe that among static, dynamic and data-driven DSSE, the data-driven estimator could be a powerful tool to predict the residues prior to estimation [164]. However, it is necessary to develop attack-resilient DSSE in the presence of deceptive attacks. The FDI attack strategy on different DSSE algorithms needs to be investigated as part of the vulnerability and security analysis of the distribution system.

FIGURE 9 Spatial correlation region [157]

FIGURE 10 Detection accuracy comparison

Figure 1 describes the more generic layout for the CPS, enforcing the need for an interacting platform between the physical power network and the information and communication network. The different layers shown in Figure 1 need to be simulated and modelled with different computing software platforms, which are collectively termed the co-simulation platform. The co-simulation platform for CPS is built with extreme knowledge of modelling of the physical network, with application of optimization to mimic the real-world scenario. Different co-simulation platforms are discussed in the literature [163][164][165]. Open source platforms are playing a major role in the development of co-simulation platforms. Benchmarking of co-simulation was provided with open source software on a cloud-based interface [150]. Development of co-simulation platforms helps to analyse power network failures and communication malfunctions caused by faults or caused intentionally, as in a cyber-attack. The major challenge for co-simulation is to model the events that are time based, like power network events, and the discrete events, like communication, and to synchronise the time-based and discrete events. The interoperability among different software, namely open source (licenced in the public domain) and paid software (licenced to individuals), needs to be addressed [69,168,169].

| CONCLUSION
The interaction of the physical and cyber layers plays a vital role in controlling power system operations, where DSSE has a significant role in the energy management system. Owing to the present scenario with distributed energy resources, monitoring the grid status is mandatory. As part of DSSE, the problem of time synchronisation among smart meters, PMU and SCADA needs to be investigated for better performance in DSSE. Along the same line, algorithms with low computational burden need to be investigated, and processes to handle pseudo-measurements need to be developed extensively in multi-area state estimation. The security concern of state estimation cannot be discarded, as efforts have to be made for protection against and detection of cyber-attacks like the false data injection (FDI) attack, denial of service and data spoofing. The FDI attack is a critical issue that can disrupt system operation. Through the literature survey, the security aspects and the impacts of FDI have been discussed. Risk assessment has to be carried out so as to protect the cyber-physical system (CPS) against cyber-attacks. The denial of service attack is more critical in the security aspects of the power network, and the focus should be on knowing and understanding such attacks in CPS. Owing to the interaction of the information and communication layer in the power network, the software platform, that is co-simulation, should be developed more accurately to mimic the real-time scenario in order to understand power network operation in case of cyber-attacks or ICT failures.